Pi-Hole - A Poor Man's DNS Monitoring Tool
DNS Overview
The Domain Name System (DNS) is the phonebook of the interwebs, but with some caveats. Instead of paying your phone carrier to maintain your number and the phone lines, you pay the internet service provider for access to the Internet, and then, depending on the website you visit, you pay the site by letting it serve you advertisements, or you just outright buy goods and services from it. But what if you don't want to buy anything? What if you don't feel like being tracked? What if you don't want all of your devices to listen to everything you are saying so they can recommend you a more personalized gadget? Then Pi-Hole is the service for you. But it can do so much more than just block ads and tracking.
Protect your home network from Cyberattacks:
No way! Yes way, Pi-Hole can help you defend against the following types of attacks:
Malicious Domains
Malicious domains are everywhere. According to Palo Alto Networks, the vast majority of newly registered domains are malicious. One way to help protect your home network from the ever-growing threat of these malicious domains is to use Pi-Hole as a protection mechanism. How? By monitoring and blocking your DNS queries. There are great open-source malicious domain lists, and they can be a great start in securing your home network. Here are some of my favorites:
https://blocklistproject.github.io/Lists/alt-version/malware-nl.txt
https://blocklistproject.github.io/Lists/alt-version/ransomware-nl.txt
https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt
https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt
https://urlhaus.abuse.ch/downloads/hostfile/
https://raw.githubusercontent.com/ShadowWhisperer/BlockLists/master/Lists/Malware
https://curben.gitlab.io/malware-filter/urlhaus-filter-domains.txt
https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
https://v.firebog.net/hosts/Prigent-Crypto.txt
https://bitbucket.org/ethanr/dns-blacklists/raw/8575c9f96e5b4a1308f2f12394abd86d0927a4a0/bad_lists/Mandiant_APT1_Report_Appendix_D.txt
https://phishing.army/download/phishing_army_blocklist_extended.txt
https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt
https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts
https://v.firebog.net/hosts/Prigent-Malware.txt
https://v.firebog.net/hosts/Shalla-mal.txt
https://v.firebog.net/hosts/Airelle-hrsk.txt
https://raw.githubusercontent.com/tg12/pihole-phishtank-list/master/list/phish_domains.txt
https://raw.githubusercontent.com/HorusTeknoloji/TR-PhishingList/master/url-lists.txt
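The following is an added example, not part of the original post or of Pi-hole's own code. It normalizes hosts-format and plain-domain list content into one de-duplicated set, then scans query log lines to report which clients asked for a listed domain or one of its subdomains. The sample list entries, log lines and function names are constructed for illustration, and the log layout is assumed to be the dnsmasq query format.

```python
import re
from collections import defaultdict

# Constructed list content in the two formats assumed here: hosts-file
# lines ("0.0.0.0 domain") and plain one-domain-per-line entries.
SAMPLE_BLOCKLIST = """\
# constructed entries, not taken from any real list
0.0.0.0 malware.example
127.0.0.1 phish.example  # trailing comment
ransom.example
MALWARE.example
127.0.0.1 localhost
"""

# Constructed log lines, assumed to follow the dnsmasq query log layout.
SAMPLE_LOG = """\
Jan 10 09:15:01 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
Jan 10 09:15:07 dnsmasq[812]: query[A] malware.example from 192.168.1.34
Jan 10 09:15:09 dnsmasq[812]: query[AAAA] cdn.phish.example from 192.168.1.34
Jan 10 09:16:42 dnsmasq[812]: query[A] ransom.example from 192.168.1.51
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")

def parse_blocklist(text):
    """Return the set of lower-cased domains from hosts-format or plain lists."""
    domains = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if fields and fields[0] in SINK_ADDRESSES:
            fields = fields[1:]                 # hosts format: skip the sink address
        if not fields:
            continue
        name = fields[0].lower().rstrip(".")
        if "." in name:                         # skips single-label names such as localhost
            domains.add(name)
    return domains

def find_hits(log_text, blocked):
    """Map client IP -> sorted queried names that are listed or sit under a listed domain."""
    hits = defaultdict(set)
    for _qtype, name, client in QUERY_RE.findall(log_text):
        labels = name.lower().rstrip(".").split(".")
        # Test the full name and each parent domain (the bare TLD is not tested).
        if any(".".join(labels[i:]) in blocked for i in range(len(labels) - 1)):
            hits[client].add(name.lower())
    return {client: sorted(names) for client, names in hits.items()}
```

Flagging subdomains of a listed domain is a choice made for this example; a client that shows up repeatedly in the result is the one to investigate first.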
Malicious Advertising
Malvertising is the use of online advertising to spread malware. It involves injecting malicious advertisements into legitimate online advertising networks and webpages. Malvertising is a fairly new concept for spreading malware and can be extremely hard to combat because it can quietly work its way into a webpage or an advertisement on a webpage and spread unnoticed. Attackers have a very wide reach and are able to deliver these attacks quite easily through advertisement networks.
Pi-Hole has a wonderful community that helps keep track of these malvertising domains, and can help you block them:
https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
Phishing
Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software, like ransomware, on the victim's infrastructure. Again, Pi-Hole can help defend your network if someone were to try to open a bad link.
https://gitlab.com/Kurobeats/phishing_hosts/raw/master/hosts
https://raw.githubusercontent.com/MetaMask/eth-phishing-detect/master/src/hosts.txt
Drive-By Downloads
A drive-by download attack refers to the unintentional download of malicious code to your computer or mobile device that leaves you open to a cyberattack. You don't have to click on anything, press download, or open a malicious email attachment to become infected.
A drive-by download can take advantage of an app, operating system, or web browser that contains security flaws due to unsuccessful updates or lack of updates. Unlike many other types of cyberattack, a drive-by doesn't rely on the user to do anything to actively enable the attack.
Lastly, use these lists to help protect against this unfortunate type of attack:
https://raw.githubusercontent.com/pirat28/IHateTracker/master/iHateTracker.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/CryptoWall-Ransomware-C2-Domain-blocklist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/Locky-Ransomware-C2-Domain-Blocklist.txt
https://raw.githubusercontent.com/XionKzn/PiHole-Lists/master/Cerber_Ransomware.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/Ransomware-Domain-Blocklist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/TeslaCrypt-Ransomware-C2-Domain-Blocklist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/TeslaCrypt-Ransomware-Payment-Sites-Domain-Blocklist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists/ParsedBlacklists/TorrentLocker-Ransomware-C2-Domain-Blocklist.txt
https://raw.githubusercontent.com/deathbybandaid/piholeparser/master/Subscribable-Lists